3.6 Low
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:L/AC:L/Au:N/C:P/I:N/A:P
0.001 Low
EPSS
Percentile
22.6%
phpSysInfo is a PHP system information tool.
phpSysInfo contains two vulnerabilities which could allow local files to be read or arbitrary PHP code to be executed, under the privileges of the web server process.
An attacker could read local files or execute arbitrary code with the permissions of the user running the host web server.
There is no known workaround at this time.
It is recommended that all Gentoo Linux users who are running www-apps/phpsysinfo upgrade to the fixed version:
# emerge sync
# emerge -pv '>=www-apps/phpsysinfo-2.1-r1'
# emerge '>=www-apps/phpsysinfo-2.1-r1'
# emerge clean
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Gentoo | any | all | www-apps/phpsysinfo | <= 2.1 | UNKNOWN |